From: "Loc Ho" Subject: RE: IPSec ESP Authenc Offload Date: Wed, 28 May 2008 09:42:47 -0700 Message-ID: <0CA0A16855646F4FA96D25A158E299D604814F16@SDCEXCHANGE01.ad.amcc.com> References: <20080526112058.GA16525@gondor.apana.org.au> <0CA0A16855646F4FA96D25A158E299D604814C4A@SDCEXCHANGE01.ad.amcc.com> <20080528063434.GA1173@gondor.apana.org.au> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT Cc: To: "Herbert Xu" Return-path: Received: from sdcmail02-ext1.amcc.com ([198.137.200.73]:10541 "EHLO sdcmail02.amcc.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751687AbYE1Qmt convert rfc822-to-8bit (ORCPT ); Wed, 28 May 2008 12:42:49 -0400 Content-class: urn:content-classes:message In-Reply-To: <20080528063434.GA1173@gondor.apana.org.au> Sender: linux-crypto-owner@vger.kernel.org List-ID: Hi, With IPSec ESP Authenc, it is expected that the selected driver generates "IV" as well as encrypts the data. Our 'hardware' (available currently), can only handle either no header processing or header processing (from ESP to IV processing but not individual field processing). For no header processing, we will have to do a lot more work in software - create a context SA for each requested operation, copy from the initial context SA, after the operation completed, retrieve the update IV from context SA, and then write it back to the packet. For header processing, tell hardware to skip IP header (- ESP header - IV), write SPI, SEQ, and IV. (This is all handled by hardware with the exception of compute the skipped length of IP header.) It does write the SPI and SEQ again but it is handled by the hardware and with the same value as software. Alternatinely, we can parse the IP header for the IP header length but this information is already available in IPSec statck, would not work with UDP encapsulation, and would be cleaner. -Loc -----Original Message----- From: linux-crypto-owner@vger.kernel.org [mailto:linux-crypto-owner@vger.kernel.org] On Behalf Of Herbert Xu Sent: Tuesday, May 27, 2008 11:35 PM To: Loc Ho Cc: linux-crypto@vger.kernel.org Subject: Re: IPSec ESP Authenc Offload On Tue, May 27, 2008 at 11:29:22AM -0700, Loc Ho wrote: > > For authenc hardware offload outbound, we need to know the whole ESP > header length - IP header + UDP header + ESP header + IV. I am > thinking adding a field in struct aead_givcrypt_request as below: Could you please let me know why it needs this information? Is it doing ESP offload in addition to crypt/hash offload? Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html